Bug#433091: marked as done (ignores expiry of archive keys)

Sat, 02 May 2009 13:04:55 -0700 

Your message dated Sat, 02 May 2009 19:54:46 +0000
with message-id <[email protected]>
and subject line Bug#433091: fixed in apt 0.6.46.4-0.1+etch1
has caused the Debian Bug report #433091,
regarding ignores expiry of archive keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: apt
Version: 0.7.3
Severity: important

If I update from an archive whose key recently expired and I have
not yet updated the local copy via apt-key -- the local keyring says
it's expired -- APT does not complain but just proceeds. I think it
should *at least* warn.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2007.02.19-0.1   GnuPG archive keys of the Debian a
ii  libc6                   2.6-2            GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20070707-1 GCC support library
ii  libstdc++6              4.2-20070707-1   The GNU Standard C++ Library v3

apt recommends no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft <[email protected]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: signature.asc
Description: Digital signature (GPG/PGP)


--- End Message ---
--- Begin Message --- 
Source: apt
Source-Version: 0.6.46.4-0.1+etch1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

apt-doc_0.6.46.4-0.1+etch1_all.deb
  to pool/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
apt-utils_0.6.46.4-0.1+etch1_i386.deb
  to pool/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
apt_0.6.46.4-0.1+etch1.dsc
  to pool/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
apt_0.6.46.4-0.1+etch1.tar.gz
  to pool/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
apt_0.6.46.4-0.1+etch1_i386.deb
  to pool/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
  to pool/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
  to pool/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <[email protected]> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 19 Apr 2009 21:06:46 +0200
Source: apt
Binary: apt-utils libapt-pkg-doc libapt-pkg-dev apt-doc apt
Architecture: source all i386
Version: 0.6.46.4-0.1+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: APT Development Team <[email protected]>
Changed-By: Michael Vogt <[email protected]>
Description: 
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 433091 523213
Changes: 
 apt (0.6.46.4-0.1+etch1) oldstable-security; urgency=high
 .
   * debian/apt.cron.daily:
     - fix possible DST timestap releated auto-update problem
       (CVE-2009-1300, closes: #523213)
   * methods/gpgv.cc:
     - properly check for expired and revoked keys (closes: #433091)
Files: 
 c631100edac082afe2dddb28030ed6ff 1108 admin important 
apt_0.6.46.4-0.1+etch1.dsc
 e6eaebb8a12f5243668ca56e65c8c71e 1798703 admin important 
apt_0.6.46.4-0.1+etch1.tar.gz
 999f34683b7cb7818258ac1ebfca701c 89752 doc optional 
apt-doc_0.6.46.4-0.1+etch1_all.deb
 b91e59e2e1093ecbe387ccc7e8111d73 112248 doc optional 
libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
 73f115b27de4fdf11af97e2b5afca613 1438190 admin important 
apt_0.6.46.4-0.1+etch1_i386.deb
 6aa9a63c060eb0461b66f67e35ed20c7 84166 libdevel optional 
libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
 7245c5ea84b1c4eefa816af20868a794 198392 admin important 
apt-utils_0.6.46.4-0.1+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJ7ZDZAAoJECIIoQCMVaAcYgQH+wXRkiChxfmz1vuiqDe1yx/K
a5T5c+zb/mrY1Q3M0zh/p0sB9xmE6XBC9c4UYEX3qLS/V0PJ4eND1DHyT8qBtm67
mB2G/+U0MDFB607l5vCIstSchgJP9XTLA7cdvTudQCgEihYhvXpySSzHNPcn+WHv
Bb5fTvcERQ7zVfjFv2tySyn/y5dwssqf0dwm625NuYc75oD1eVHZ+vpX1WVMHI4K
795kdmDE7X0/vbg0P6CIZn4xRo1P/JLuhzZt1f7facB0mCLnHphHKhB2e7vBHECu
OPqW9ryZsPDD34Zs/v0UPosYqFOwyrY8JMyJQog2/VljHqhAVB1/A4aZShLuwIw=
=9jPa
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to